Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security Policy
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

auth

module

v0.0.0-...-0e0368c Latest Latest Go to latest Published: Jun 10, 2020 License: MIT

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/wansing/auth

README ¶

auth

client

A simple library for authentication via:

SASL Plain authentication via Unix Socket (non-standardized)
SMTPS
STARTTLS

server

A simple service which processes authentication requests received via:

SASL Plain authentication via Unix Socket (non-standardized)

Design choices

fail2ban integration with reverse proxies
- Issue
  - client sends a request with a faked X-Forwarded-For header
  - nginx appends the client's real IP address to the header value
  - a software uses the first (faked) X-Forwarded-For IP address
  - fail2ban has no effect, someone else gets blacklisted
- Decision: client.ExtractIP extracts the X-Real-IP header. Your first reverse proxy must set X-Real-IP to the client IP address, later proxies must not.

Security Considerations

Even though the credentials are usually the same, authentication via SMTP is preferred over IMAP. We don't want access to stored emails.

Directories ¶

Path	Synopsis
client
server
cmd/authcli
cmd/authsrv